What is cybercrime? | How to combat the cyber security attacks?

This article contains:
  • What is cybercrime?
  • Classification of Cyber Crimes
  • Reasons for Commission of Cyber Crimes 
  • How to combat the cyber security attacks?

INTRODUCTION TO CYBERCRIME

The internet was born around the 1960's, when its access was limited to a few scientists, researchers and the defense only. The internet user base has since grown exponentially. Initially, computer crime was confined to causing physical damage to the computer and related infrastructure. Around the 1980's the trend changed from causing physical damage to computers to making a computer malfunction using malicious code called a virus. Till then the effect was not so widespread, because the internet was confined to defense setups, large international companies and research communities. In 1996, when the internet was launched for the public, it immediately became popular among the masses, and they slowly became dependent on it to such an extent that it has changed their lifestyle. The GUIs were written so well that the user doesn't have to bother about how the internet functions. Users simply make a few clicks on hyperlinks or type the desired information at the desired place, without bothering about where this data is stored, how it is sent over the internet, whether the data can be accessed by another person who is connected to the internet, or whether a data packet sent over the internet can be spoofed and tampered with. The focus of computer crime shifted from merely damaging the computer, or destroying or manipulating data for personal benefit, to financial crime. These computer attacks are increasing at a rapid pace. Every second around 25 computers became victims of cyber attacks, and around 800 million individuals were affected by it till 2013. CERT-India has reported around 308371 Indian websites being hacked between 2011-2013. It is also estimated that around $160 million are lost per year due to cybercrime. This figure is very conservative, as most of the cases are never reported.

According to the 2013-14 report of the Standing Committee on Information Technology to the 15th Lok Sabha by the Ministry of Communication and Information Technology, India has the third-largest number of Internet users in the world, with an estimated 100 million internet users as of June 2011, and the numbers are growing rapidly. There are around 22 million broadband connections in India to date, operated by around 134 major Internet Service Providers (ISPs).

What is cybercrime?

The term cybercrime is used to describe an unlawful activity in which computers or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc., which are stand-alone or part of a network, are used as a tool and/or target of criminal activity. It is often committed by people of destructive and criminal mindset, either for revenge, greed or adventure.

Classification of Cyber Crimes

The cyber criminal could be internal or external to the organization facing the cyber attack. Based on this fact, cybercrime could be categorized into two types:
  • Insider Attack: An attack on the network or the computer system by a person with authorized system access is known as an insider attack. It is generally performed by dissatisfied or unhappy employees or contractors. The motive of the insider attack could be revenge or greed. It is comparatively easy for an insider to perform a cyber attack, as he is well aware of the policies, processes, IT architecture and weaknesses of the security system. Moreover, the attacker has access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive information, crash the network, etc. In most cases, the insider attack happens when an employee is fired or assigned a new role in the organization and the change is not reflected in the IT policies. This opens a vulnerability window for the attacker. The insider attack could be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.
  • External Attack: When the attacker is either hired by an insider or is an entity external to the organization, it is known as an external attack. The organization which is a victim of the cyber attack faces not only financial loss but also loss of reputation. Since the attackers are external to the organization, they usually scan and gather information first. An experienced network/security administrator keeps a regular eye on the logs generated by the firewalls, as external attacks can be traced by carefully analyzing these firewall logs. Also, Intrusion Detection Systems are installed to keep an eye on external attacks.

Cyber attacks can also be classified as structured attacks and unstructured attacks, based on the level of maturity of the attacker. Some authors have classified these attacks as a form of external attack, but there is precedent for cases where a structured attack was performed by an internal employee. This happens when a competitor company wants the future strategy of an organization on certain points. The attacker may strategically gain access to the company as an employee and access the required information.

  • Unstructured Attack: These attacks are generally performed by amateurs who don't have any predefined motives to perform the cyber attack. Usually, these amateurs try to test a tool readily available over the internet on the network of a random company.
  • Structured Attack: These types of attacks are performed by highly skilled and experienced people, and the motives of these attacks are clear in their mind. They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify existing tools to satisfy their purpose.

These types of attacks are usually performed by professional criminals, by a country on rival countries, by politicians to damage the image of a rival person or country, by terrorists, by rival companies, etc. Cybercrimes have turned out to be low-investment, low-risk businesses with huge returns. Nowadays these structured crimes are highly organized. There is a perfect hierarchical organizational setup, like that of formal organizations, and some of them have reached a level of technical capability on par with that of developed nations. They are targeting large financial organizations and defense and nuclear establishments, and they are also into online drug trading. The roles of the people in the hierarchy keep changing, based on opportunity. A hacker who has stolen sensitive data from an organization may use it to exploit the organization financially. If the hacker has the technical expertise for it, he will do it himself; otherwise, he may find a buyer who is interested in that data and has the technical expertise. Some cyber criminals offer on-demand services. A person, organization or country may contact these cyber criminals to hack an organization, to gain access to some sensitive data, or to create massive denial-of-service attacks on their competitors. Based on the demand of the customer, the hackers write malware, viruses, etc. to suit their requirements. An organization affected by a cyber attack not only faces financial loss; its reputation is also adversely affected, and the competitor organization will definitely benefit from it.

Reasons for Commission of Cyber Crimes 

There are many reasons which act as a catalyst in the growth of cyber crime. Some of the prominent reasons are:

a. Money: People are motivated to commit cyber crime to make quick and easy money.
b. Revenge: Some people try to take revenge on another person/organization/society/caste or religion by defaming its reputation or causing economic or physical loss. This comes under the category of cyber terrorism.
c. Fun: Amateurs commit cybercrime for fun. They just want to test the latest tool they have encountered.
d. Recognition: It is considered a matter of pride if someone hacks highly secured networks like defense sites or networks.
e. Anonymity: Many times the anonymity that cyberspace provides motivates a person to commit cybercrime, as it is much easier to commit a crime over cyberspace and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on other persons/networks/countries. The reason could be politically, economically or socially motivated.




How to combat the cyber security attacks?

There are many cyber security techniques to combat cyber security attacks. The following sections discuss some of the popular techniques to counter cyber attacks.

AUTHENTICATION

It is the process of identifying an individual and ensuring that the individual is who he/she claims to be. A typical method for authentication over the internet is via username and password. With the increase in reported cases of cyber crime by identity theft over the internet, organizations have made some additional arrangements for authentication, like the One Time Password (OTP). As the name suggests, it is a password which can be used one time only, and it is sent to the user as an SMS or an email at the mobile number/email address that he specified during the registration process. This is known as the two-factor authentication method: it requires two types of evidence to authenticate an individual, providing an extra layer of security. Some other popular techniques for two-factor authentication are biometric data, physical tokens, etc., which are used in conjunction with username and password.
Authentication becomes more important in light of the fact that today multinational organizations have changed the way business was done, say, 15 years back. They have offices around the globe, and an employee may want access to something which is present on a centralized server. Or an employee is working from home, not using the office intranet, and wants access to some particular file present in the office network. The system needs to authenticate the user and, based on the credentials of that user, may or may not provide access to the information he requested. The process of giving an individual access to certain resources based on the credentials of that individual is known as authorization, and often this process goes hand-in-hand with authentication. Now, one can easily understand the role of a strong password for authorization in ensuring cyber security, as an easy password can be a cause of security flaws and can put the whole organization at high risk. Therefore, the password policy of an organization should be such that employees are forced to use strong passwords (more than 12 characters and a combination of lowercase and uppercase alphabets along with numbers and special characters) and are prompted to change their password frequently. In some of the bigger organizations, or organizations that deal in sensitive information like defense agencies, financial institutions, planning commissions, etc., a hybrid authentication system is used, which combines the username and password with hardware security measures like a biometric system, etc. Some of the larger organizations also use a VPN (Virtual Private Network), which is one of the methods to provide secure access via hybrid security authentication to the company network over the internet.
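
The password-plus-OTP flow described above, as an added example that is not code from the original article: the password is checked first, then a single-use OTP is issued and accepted at most once. The class and function names, the 5-minute validity window and the 3-attempt limit are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window for an issued OTP
MAX_ATTEMPTS = 3       # assumed limit on wrong guesses per OTP

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorAuth:
    """In-memory sketch: password (first factor) plus single-use OTP (second)."""

    def __init__(self, clock=time.time):
        self._users = {}    # username -> (salt, password_hash)
        self._pending = {}  # username -> [otp_hash, expires_at, attempts_left]
        self._clock = clock

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, hash_password(password, salt))

    def start_login(self, username, password):
        """Check the password; on success return an OTP to deliver by SMS/email."""
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        otp_hash = hashlib.sha256(otp.encode()).digest()
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[username] = [otp_hash, expires_at, MAX_ATTEMPTS]
        return otp

    def finish_login(self, username, candidate):
        """Accept the OTP at most once, before expiry, within the attempt limit."""
        entry = self._pending.get(username)
        if entry is None:
            return False  # never issued, already used, or locked out
        if self._clock() > entry[1]:
            del self._pending[username]
            return False
        supplied = hashlib.sha256(candidate.encode()).digest()
        if hmac.compare_digest(entry[0], supplied):
            del self._pending[username]  # consume: a replayed OTP now fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[username]  # too many wrong guesses
        return False
```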

ENCRYPTION 

It is a technique to convert data into an unreadable form before transmitting it over the internet. Only a person who has access to the key can convert it back into a readable form and read it. Formally, encryption can be defined as a technique to lock data by converting it into complex codes using mathematical algorithms. The code is so complex that even the most powerful computer will take several years to break it. This secure code can safely be transmitted over the internet to the destination. The receiver, after receiving the data, can decode it using the key. The decoding of the complex code to the original text using the key is known as decryption. If the same key is used to lock and unlock the data, it is known as symmetric key encryption. In symmetric-key encryption, after the data is encoded, the key is sent to the destination user via some other medium like postal service, telephone, etc., because if the key is obtained by a hacker, the security of the data is compromised. Key distribution is a complex task, because the security of the key during transmission is itself an issue. To avoid the transfer of the key, a method called asymmetric key encryption, also known as public-key encryption, is used. In asymmetric key encryption, the keys used to encrypt and decrypt data are different. Every user possesses two keys, viz. a public key and a private key. As the name suggests, the public key of every user is known to everyone, but the private key is known only to the particular user who owns the key. Suppose sender A wants to send a secret message to receiver B through the internet. A will encrypt the message using B's public key, as the public key is known to everyone. Once the message is encrypted, it can safely be sent to B over the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message.

DIGITAL SIGNATURES

It is a technique for the validation of data. Validation is the process of certifying the content of a document. Digital signatures not only validate the data but are also used for authentication. The digital signature is created by encrypting the data with the private key of the sender. The encrypted data is attached to the original message and sent over the internet to the destination. The receiver can decrypt the signature with the public key of the sender. The decrypted message is then compared with the original message. If both are the same, it signifies that the data has not been tampered with, and the authenticity of the sender is also verified, as only someone with the private key (which is known to the owner only) could have encrypted data that is then decrypted by his public key. If the data is tampered with during transmission, this is easily detected by the receiver, as the data will not be verified. Moreover, the message cannot be re-encrypted after tampering, as the private key, which is possessed only by the original sender, is required for this purpose. As more and more documents are transmitted over the internet, digital signatures are an essential part of legal as well as financial transactions. They not only provide authentication of a person and validation of the document, they also prevent denial of the agreement at a later stage. Suppose a shareholder instructs the broker via email to sell shares at the current price. After the completion of the transaction, the shareholder might reclaim the shares by claiming the email to be forged or bogus. To prevent these unpleasant situations, digital signatures are used.
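
The exchanges described in the ENCRYPTION and DIGITAL SIGNATURES sections, as an added example that is not code from the original article: A encrypts with B's public key and signs with A's own private key, and B decrypts and verifies. It is textbook RSA in pure Python and goes one step beyond the text by signing a SHA-256 digest of the message rather than the message itself; the function names, the fixed Mersenne primes and the lack of padding are assumptions chosen to keep the arithmetic visible, whereas real systems use a vetted library with padded RSA and much larger random primes.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Build ((n, e), (n, d)) from two primes. Toy sizes, illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return (n, E), (n, d)

def encrypt(message, public):
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private):
    n, d = private
    m = pow(ciphertext, d, n)
    # Leading zero bytes of the plaintext would be lost; fine for this demo.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """'Encrypt' the message digest with the signer's private key."""
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(message, signature, public):
    """Recover the digest with the public key and compare with a fresh one."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

# Constructed key pairs for sender A and receiver B (known primes, not secret).
A_PUBLIC, A_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

def send(message):
    """Sender A: encrypt for B with B's public key, sign with A's private key."""
    return encrypt(message, B_PUBLIC), sign(message, A_PRIVATE)

def receive(ciphertext, signature):
    """Receiver B: decrypt with B's private key, check A's signature."""
    message = decrypt(ciphertext, B_PRIVATE)
    return message, verify(message, signature, A_PUBLIC)
```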

ANTIVIRUS 

There are varieties of malicious programs like viruses, worms, trojan horses, etc. that are spread over the internet to compromise the security of a computer, either to destroy data stored on the computer or to gain financial benefits by sniffing passwords, etc. To prevent this malicious code from entering your system, a special program called an anti-virus is used, which is designed to protect the system against viruses. It not only prevents malicious code from entering the system but also detects and destroys malicious code that is already installed on the system. Lots of new viruses appear every day. The antivirus program regularly updates its database and provides immunity to the system against these new viruses, worms, etc.

FIREWALL 

It is hardware/software which acts as a shield between an organization's network and the internet and protects it from threats like viruses, malware, hackers, etc. It can be used to limit the persons who can have access to your network and send information to you. There are two types of traffic in an organization, viz. inbound traffic and outbound traffic. Using a firewall, it is possible to configure and monitor the traffic of the ports. Only packets from trusted source addresses can enter the organization's network, and sources which are blacklisted or unauthorized are denied access to the network. It is important to have firewalls to protect the network from unauthorized access, but a firewall does not guarantee this unless it is configured correctly. A firewall can be implemented using hardware, software or a combination of both.
  • Hardware Firewalls: Examples of hardware firewalls are the routers through which the network is connected to the network outside the organization, i.e. the Internet.
  • Software Firewalls: These firewalls are installed on the server and client machines and act as a gateway to the organization's network.
In operating systems like Windows 2003, Windows 2008, etc., the firewall comes embedded with the operating system. The only thing a user needs to do is to optimally configure the firewall according to their own requirements. Firewalls can be configured to follow "rules" and "policies", and based on these defined rules they can apply the following filtering mechanisms.
  • Proxy: All the outbound traffic is routed through proxies for monitoring and controlling the packets that are routed out of the organization.
  • Packet Filtering: Based on the rules defined in the policies, each packet is filtered by its type, port information, and source and destination information. Examples of such characteristics are IP addresses, domain names, port numbers, protocols, etc. Basic packet filtering can be performed by routers.
  • Stateful Inspection: Rather than going through all the fields of a packet, key features are defined. The outgoing/incoming packets are judged based on those defined characteristics only.
Firewalls are an essential component of the organization's network. They not only protect the organization against viruses and other malicious code but also prevent hackers from using your network infrastructure to launch DoS attacks.
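
A small packet filter for the Packet Filtering mechanism above, as an added example that is not code from the original article: rules match on source address, protocol and destination port, the first match wins, and unmatched traffic is denied. It also illustrates the remark that a firewall only protects when configured correctly, by detecting a blacklist rule that an earlier, broader allow rule makes ineffective. All names, rule sets and addresses (documentation ranges) are constructed for this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    source: str    # CIDR block the packet's source address must fall in
    protocol: str  # "tcp", "udp" or "any"
    dst_port: int  # destination port, or 0 for any port

@dataclass(frozen=True)
class Packet:
    src_ip: str
    protocol: str
    dst_port: int

def matches(rule, packet):
    src = ipaddress.ip_address(packet.src_ip)
    return (src in ipaddress.ip_network(rule.source)
            and rule.protocol in ("any", packet.protocol)
            and rule.dst_port in (0, packet.dst_port))

def filter_packet(rules, packet):
    """First matching rule wins; anything unmatched is denied by default."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action
    return "deny"

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    later_net = ipaddress.ip_network(later.source)
    return (later_net.subnet_of(ipaddress.ip_network(earlier.source))
            and earlier.protocol in ("any", later.protocol)
            and earlier.dst_port in (0, later.dst_port))

def shadowed_rules(rules):
    """Rules that can never take effect because an earlier rule with the
    opposite action already covers all of their traffic."""
    return [later for i, later in enumerate(rules)
            if any(covers(e, later) and e.action != later.action
                   for e in rules[:i])]

# Constructed rule sets: the same three rules in two different orders.
WEB_ALLOW = Rule("allow", "0.0.0.0/0", "tcp", 443)        # public web service
BLACKLIST = Rule("deny", "203.0.113.0/24", "tcp", 443)    # blacklisted source
ADMIN_SSH = Rule("allow", "198.51.100.0/24", "tcp", 22)   # trusted admin net

MISCONFIGURED = [WEB_ALLOW, BLACKLIST, ADMIN_SSH]  # blacklist never fires
CORRECTED = [BLACKLIST, WEB_ALLOW, ADMIN_SSH]      # specific deny comes first
```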

STEGANOGRAPHY 

It is a technique of hiding secret messages in a document file, image file, program or protocol, etc. such that the embedded message is invisible and can be retrieved using special software. Only the sender and the receiver know about the existence of the secret message in the image. The advantage of this technique is that these files are not easily suspected. There are many applications of steganography which include sending secret messages without ringing the alarms, preventing secret files from unauthorized and accidental access and theft, digital watermarks for IPR issues, etc.